Response dated 04/10/2007 Application No. 10/608,818 

Response to Office Action dated 01/1 1/2007 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1 . (Currently Amended) A method for conducting secure communications, comprising: 

(a) connecting a user device via a publicly-accessible network to a server; 

(b) receiving a certificate; 

(c) calculating an identifier of the received certificate and converting it to a character 

string; 

(d) modifying the string by removing at least one random character from the string; 

(e) displaying the modified string; 

(f) receiving, from a user previously provided with the identifier through a trusted 
medium, input corresponding to the at least one removed character; and 

(g) continuing connection to the server only if the user input matches the at least one 
removed character. 

2. (Original) The method of claim 1, further comprising randomly selecting multiple 
characters for removal. 

3. (Original) The method of claim 2, wherein the randomly selected characters are 
replaced with a character indicating the replacement. 

4. (Original) The method of claim 2, wherein the modified string is displayed with 
spaces replacing the removed characters. 
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5. (Original) The method of claim 1, wherein the device is a mobile telephone and the 
at least one removed character is a digit. 

6. (Original) The method of claim 1, wherein receiving the certificate comprises 
receiving the certificate from a certification authority. 

7. (Original) The method of claim 1, wherein the position of the at least one character 
removed from the string is different during a subsequent connection attempt. 

8. (Original) The method of claim 1, wherein the at least one removed character is 
removed based on the capabilities of the user device. 

9. (Currently Amended) The method of claim 1, wherein receiving input corresponding to 
the at least one removed character comprises receiving input from a user previously provided 
with the identifier through a on e of th e mail or a company newsletter. 

10. (Original) The method of claim 1, wherein the at least one removed character is a 
digit, and wherein no non-digit characters are removed. 

1 1 . (Original) The method of claim 1 , further comprising: 

repeating steps (a) through (g) on each attempt to connect the device to the server. 

12. (Currently Amended) A device for s e cure communication with a server via a publicly 
accessible network, comprising: 

an interface to a publicly accessible network; and 

a processor configured to perform steps comprising: 

receiving, via the interface, a certificate from a remotely located server, 
calculating an identifier of the received certificate and converting it to a character 

string, 

modifying the string by removing at least one random character from the string, 
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displaying the modified string, 

receiving, from a user of the device previously provided with the identifier 
through a trusted medium, input corresponding to the at least one removed character, and 

continuing connection to the server only if the user input matches the at least one 
removed character. 

13. (Original) A machine-readable medium having machine-executable instructions for 
performing steps comprising: 

(a) connecting a user device via a publicly-accessible network to a server; 

(b) receiving a certificate; 

(c) calculating an identifier of the received certificate and converting it to a character 

string; 

(d) modifying the string by removing at least one random character from the string; 

(e) displaying the modified string; 

(f) receiving, from a user previously provided with the identifier through a trusted 
medium, input corresponding to the at least one removed character; and 

(g) continuing connection to the server only if the user input matches the at least one 
removed character. 

14. (Original) A method for conducting secure communications, comprising: 
(a) connecting a user device via a publicly-accessible network to a server; 
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(b) receiving a certificate; 

(c) receiving a modified identifier, the identifier having previously been calculated for 
the certificate outside of the user device and modified outside of the user device by removal of at 
least one random character; 

(e) displaying the modified identifier; 

(f) receiving, from a user previously provided with the identifier through a trusted 
medium, input corresponding to the at least one removed character; and 

(g) continuing connection to the server only if the user input matches the at least one 
removed character. 



